Almamy TOURE's thesis defense
I am pleased to invite you to my thesis defense entitled "Collection, analyse et exploitation des flux de communication pour la détection de cyberattaques" (Collection, analysis and exploitation of communication flows for the detection of cyberattacks), which will take place on 05/07/2024 at 09:00 in the Amphithéâtre Thierry TISON - UPHF - Campus du Mont Houy, bâtiment CISIT du LAMIH, 59313, Valenciennes.
Date: 05/07/2024
Time: 09:00 - 10:30
Location: Mont Houy Campus, CISIT Building, Thierry Tison Amphitheatre
Summary
The growing complexity of cyberattacks, characterized by a diversification of attack techniques, an expansion of attack surfaces and the increasing interconnection of applications with the Internet, makes it imperative to manage network traffic in the business environment. Companies of all types collect and analyze network flows and logs to ensure the security of exchanged data and prevent the compromise of information systems. However, techniques for collecting and processing network traffic data vary from one dataset to another, and static approaches to attack detection have limitations in terms of efficiency and accuracy, execution time and scalability.
This thesis proposes dynamic approaches to the detection of cyberattacks in network traffic, using feature engineering based on the different communication phases of a network flow, coupled with one-dimensional convolutional neural networks (1D-CNN) and their feature detector. This double extraction enables better classification of network flows, a reduction in the number of features and in model execution times, and hence effective detection of attacks.
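To make the idea of phase-based feature engineering concrete, the following added example (not code from the thesis or the author) builds a per-phase feature vector from a list of packets belonging to one TCP flow. The phase boundaries (setup = the SYN/SYN-ACK/ACK handshake, data = everything until the first FIN or RST, teardown = the rest) and the five statistics computed per phase are assumptions chosen for illustration; the two packet lists are constructed. The resulting fixed-length vector is the kind of input a 1D-CNN classifier would consume; the classifier itself is out of scope here.

```python
from dataclasses import dataclass
from typing import Dict, List

PHASES = ("setup", "data", "teardown")
STATS = ("count", "bytes", "duration", "mean_size", "fwd_ratio")


@dataclass
class Packet:
    ts: float          # timestamp in seconds, relative to the first packet of the flow
    size: int          # frame length in bytes
    flags: str         # TCP flag letters, e.g. "S", "SA", "A", "PA", "FA", "R"
    src_to_dst: bool   # True for packets from the flow initiator


def split_phases(packets: List[Packet]) -> Dict[str, List[Packet]]:
    """Assign each packet of a flow to setup, data or teardown (hypothetical rule)."""
    phases: Dict[str, List[Packet]] = {p: [] for p in PHASES}
    current = "setup"
    seen_synack = False
    for pkt in packets:
        if current == "setup":
            if "S" in pkt.flags:                      # SYN or SYN-ACK
                seen_synack = seen_synack or "A" in pkt.flags
                phases["setup"].append(pkt)
                continue
            if seen_synack and pkt.flags == "A":      # third packet of the handshake
                phases["setup"].append(pkt)
                current = "data"
                continue
            current = "data"                          # handshake ended without a pure ACK
        if "F" in pkt.flags or "R" in pkt.flags:      # first FIN/RST starts the teardown
            current = "teardown"
        phases[current].append(pkt)
    return phases


def phase_features(pkts: List[Packet]) -> Dict[str, float]:
    """Five simple statistics for one phase; an empty phase yields all zeros."""
    if not pkts:
        return {s: 0.0 for s in STATS}
    total = sum(p.size for p in pkts)
    fwd = sum(p.size for p in pkts if p.src_to_dst)
    return {
        "count": len(pkts),
        "bytes": total,
        "duration": pkts[-1].ts - pkts[0].ts,
        "mean_size": total / len(pkts),
        "fwd_ratio": fwd / total if total else 0.0,
    }


def feature_names() -> List[str]:
    return [f"{phase}_{stat}" for phase in PHASES for stat in STATS]


def flow_vector(packets: List[Packet]) -> List[float]:
    """Fixed-length vector: the five statistics for each of the three phases."""
    phases = split_phases(packets)
    vec: List[float] = []
    for name in PHASES:
        feats = phase_features(phases[name])
        vec.extend(feats[s] for s in STATS)
    return vec


# Constructed sample flows (not captured traffic).
NORMAL_FLOW = [                               # handshake, one request/response, orderly close
    Packet(0.000, 60, "S", True),
    Packet(0.010, 60, "SA", False),
    Packet(0.011, 52, "A", True),
    Packet(0.012, 400, "PA", True),
    Packet(0.030, 1460, "PA", False),
    Packet(0.031, 52, "A", True),
    Packet(0.050, 52, "FA", True),
    Packet(0.051, 52, "FA", False),
    Packet(0.052, 52, "A", True),
]
HALF_OPEN_FLOW = [                            # reset before any data is exchanged
    Packet(0.000, 60, "S", True),
    Packet(0.005, 60, "SA", False),
    Packet(0.006, 40, "R", True),
]

if __name__ == "__main__":
    for label, flow in (("normal", NORMAL_FLOW), ("half-open", HALF_OPEN_FLOW)):
        print(label, dict(zip(feature_names(), flow_vector(flow))))
```

The empty data phase of the half-open flow shows up as zeros in its five slots, which is exactly the kind of per-phase signal a flat, whole-flow statistic (total bytes, total packets) would blur away.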
Companies are also faced with constantly evolving cyberthreats, and zero-day attacks, exploiting previously unknown vulnerabilities, are becoming increasingly common. Detecting these zero-day attacks involves constant technology watch and careful, but time-consuming, analysis of how these vulnerabilities are exploited.
The most commonly used solutions guarantee the detection of only certain attack techniques. We therefore propose a framework for detecting these attacks that covers the entire attack chain, from the data collection phase to the identification of any type of zero-day, even in a constantly evolving environment.
Finally, given the obsolescence of existing datasets and data generation techniques for intrusion detection, and the fixed, non-evolving and non-exhaustive nature of recent attack scenarios, we study a synthetic data generator suited to this purpose that also guarantees data confidentiality.
The solutions proposed in this thesis optimize the detection of known and zero-day attack techniques on network flows and improve the accuracy of the models, while guaranteeing the confidentiality and high availability of data and models, with particular attention to the applicability of the solutions in an enterprise network.